106.54.6.132 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	$f2bV_matches	2020-03-20 20:44:34
attackspam	Mar 11 08:38:40 new sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:38:43 new sshd[8623]: Failed password for r.r from 106.54.6.132 port 33774 ssh2 Mar 11 08:38:43 new sshd[8623]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] Mar 11 08:53:27 new sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:53:28 new sshd[12952]: Failed password for r.r from 106.54.6.132 port 40292 ssh2 Mar 11 08:53:29 new sshd[12952]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] Mar 11 08:57:55 new sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:57:57 new sshd[14397]: Failed password for r.r from 106.54.6.132 port 42112 ssh2 Mar 11 08:57:57 new sshd[14397]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] ........ -------------------------------	2020-03-12 19:36:49

类型

评论内容

时间

attack

$f2bV_matches

2020-03-20 20:44:34

attackspam

Mar 11 08:38:40 new sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:38:43 new sshd[8623]: Failed password for r.r from 106.54.6.132 port 33774 ssh2
Mar 11 08:38:43 new sshd[8623]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
Mar 11 08:53:27 new sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:53:28 new sshd[12952]: Failed password for r.r from 106.54.6.132 port 40292 ssh2
Mar 11 08:53:29 new sshd[12952]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
Mar 11 08:57:55 new sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:57:57 new sshd[14397]: Failed password for r.r from 106.54.6.132 port 42112 ssh2
Mar 11 08:57:57 new sshd[14397]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
........
-------------------------------

2020-03-12 19:36:49

相同子网IP讨论:

IP	类型	评论内容	时间
106.54.65.144	attackspam	SSH_scan	2020-10-14 01:29:08
106.54.65.144	attackbots	Oct 13 09:30:35 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: Invalid user sanchez from 106.54.65.144 Oct 13 09:30:35 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 13 09:30:38 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: Failed password for invalid user sanchez from 106.54.65.144 port 43390 ssh2 Oct 13 09:37:24 Ubuntu-1404-trusty-64-minimal sshd\[7164\]: Invalid user hirabaya from 106.54.65.144 Oct 13 09:37:24 Ubuntu-1404-trusty-64-minimal sshd\[7164\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144	2020-10-13 16:38:52
106.54.65.144	attack	DATE:2020-10-12 00:11:17, IP:106.54.65.144, PORT:ssh SSH brute force auth (docker-dc)	2020-10-12 06:52:48
106.54.65.144	attackbotsspam	(sshd) Failed SSH login from 106.54.65.144 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 02:44:39 optimus sshd[21999]: Invalid user magnos from 106.54.65.144 Oct 11 02:44:39 optimus sshd[21999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 11 02:44:42 optimus sshd[21999]: Failed password for invalid user magnos from 106.54.65.144 port 51394 ssh2 Oct 11 02:54:06 optimus sshd[25430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 11 02:54:07 optimus sshd[25430]: Failed password for root from 106.54.65.144 port 44400 ssh2	2020-10-11 15:00:32
106.54.65.144	attackbotsspam	Oct 11 05:39:50 itv-usvr-02 sshd[1510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 11 05:39:52 itv-usvr-02 sshd[1510]: Failed password for root from 106.54.65.144 port 35370 ssh2 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: Invalid user nexus from 106.54.65.144 port 34468 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: Invalid user nexus from 106.54.65.144 port 34468 Oct 11 05:44:57 itv-usvr-02 sshd[1682]: Failed password for invalid user nexus from 106.54.65.144 port 34468 ssh2	2020-10-11 08:21:44
106.54.65.144	attackbots	Oct 10 00:15:47 ns382633 sshd\[23818\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 10 00:15:50 ns382633 sshd\[23818\]: Failed password for root from 106.54.65.144 port 39588 ssh2 Oct 10 00:17:14 ns382633 sshd\[23969\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 10 00:17:16 ns382633 sshd\[23969\]: Failed password for root from 106.54.65.144 port 55150 ssh2 Oct 10 00:18:34 ns382633 sshd\[24125\]: Invalid user test from 106.54.65.144 port 41826 Oct 10 00:18:34 ns382633 sshd\[24125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144	2020-10-10 07:45:58
106.54.64.77	attack	ET SCAN NMAP -sS window 1024	2020-10-10 05:53:37
106.54.65.144	attack	Oct 9 12:59:15 cp sshd[13335]: Failed password for root from 106.54.65.144 port 55072 ssh2 Oct 9 12:59:15 cp sshd[13335]: Failed password for root from 106.54.65.144 port 55072 ssh2	2020-10-10 00:08:05
106.54.64.77	attack	Oct 9 04:15:01 vps639187 sshd\[29593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 user=root Oct 9 04:15:03 vps639187 sshd\[29593\]: Failed password for root from 106.54.64.77 port 47912 ssh2 Oct 9 04:17:59 vps639187 sshd\[29659\]: Invalid user sysadmin from 106.54.64.77 port 46576 Oct 9 04:17:59 vps639187 sshd\[29659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 ...	2020-10-09 22:00:40
106.54.65.144	attackspam	Oct 9 08:22:19 inter-technics sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 9 08:22:21 inter-technics sshd[25151]: Failed password for root from 106.54.65.144 port 44032 ssh2 Oct 9 08:24:47 inter-technics sshd[25232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 9 08:24:49 inter-technics sshd[25232]: Failed password for root from 106.54.65.144 port 43610 ssh2 Oct 9 08:27:16 inter-technics sshd[25381]: Invalid user test001 from 106.54.65.144 port 43194 ...	2020-10-09 15:53:43
106.54.64.77	attack	Oct 9 04:15:01 vps639187 sshd\[29593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 user=root Oct 9 04:15:03 vps639187 sshd\[29593\]: Failed password for root from 106.54.64.77 port 47912 ssh2 Oct 9 04:17:59 vps639187 sshd\[29659\]: Invalid user sysadmin from 106.54.64.77 port 46576 Oct 9 04:17:59 vps639187 sshd\[29659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 ...	2020-10-09 13:50:46
106.54.64.77	attackbots	prod11 ...	2020-10-08 06:02:14
106.54.64.77	attackbotsspam	TCP (SYN) 106.54.64.77:47816 -> port 703, len 44	2020-10-07 01:30:09
106.54.64.77	attack	TCP (SYN) 106.54.64.77:49652 -> port 17753, len 44	2020-10-06 17:23:54
106.54.65.144	attackspam	web-1 [ssh_2] SSH Attack	2020-09-30 03:46:49

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.54.6.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24319
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.54.6.132.			IN	A

;; AUTHORITY SECTION:
.			497	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031200 1800 900 604800 86400

;; Query time: 77 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 12 19:36:45 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 132.6.54.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 132.6.54.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
104.140.188.18	attackspam	Unauthorized connection attempt detected from IP address 104.140.188.18 to port 5060 [J]	2020-01-30 02:58:48
37.153.138.108	attackbotsspam	2020-01-29T19:17:16.505026homeassistant sshd[5943]: Invalid user sarup from 37.153.138.108 port 45962 2020-01-29T19:17:16.511477homeassistant sshd[5943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.153.138.108 ...	2020-01-30 03:18:50
93.174.95.110	attack	Jan 29 19:06:04 debian-2gb-nbg1-2 kernel: \[2580428.313377\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=93.174.95.110 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=58607 PROTO=TCP SPT=52099 DPT=7795 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-30 02:54:27
198.50.180.172	attackspambots	2019-12-15 10:21:46 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=ip172.ip-198-50-180.net \[198.50.180.172\]:64926 I=\[193.107.88.166\]:25 input="CONNECT 31.13.66.35:443 HTTP/1.0" 2019-12-15 10:21:46 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=ip172.ip-198-50-180.net \[198.50.180.172\]:65532 I=\[193.107.88.166\]:25 input="\004\001\001�\037\rB\#" 2019-12-15 10:21:47 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=ip172.ip-198-50-180.net \[198.50.180.172\]:49283 I=\[193.107.88.166\]:25 input="\005\001" 2019-12-15 10:21:47 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=ip172.ip-198-50-180.net \[198.50.180.172\]:49453 I=\[193.107.88.166\]:25 input="GET https://m.facebook.com/ HTTP" 2019-12-15 10:21:47 SMTP protocol synchronization error \(input ...	2020-01-30 03:07:01
103.230.6.170	attack	445/tcp [2020-01-29]1pkt	2020-01-30 03:12:18
51.77.156.223	attackspambots	Unauthorized connection attempt detected from IP address 51.77.156.223 to port 2220 [J]	2020-01-30 03:01:40
199.189.27.107	attackspambots	2019-03-20 12:30:20 1h6ZQK-0000lQ-2f SMTP connection from stroke.hasanhost.com \(stroke.techsensible.icu\) \[199.189.27.107\]:45151 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-20 12:31:50 1h6ZRm-0000oV-KK SMTP connection from stroke.hasanhost.com \(stroke.techsensible.icu\) \[199.189.27.107\]:47050 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-20 12:33:01 1h6ZSv-0000qd-Ja SMTP connection from stroke.hasanhost.com \(stroke.techsensible.icu\) \[199.189.27.107\]:41430 I=\[193.107.90.29\]:25 closed by DROP in ACL ...	2020-01-30 02:57:29
106.13.148.44	attackspam	Unauthorized connection attempt detected from IP address 106.13.148.44 to port 2220 [J]	2020-01-30 03:29:40
197.6.130.112	attack	2019-04-10 12:59:59 H=\(\[197.6.130.112\]\) \[197.6.130.112\]:18558 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-04-10 13:00:07 H=\(\[197.6.130.112\]\) \[197.6.130.112\]:18635 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-04-10 13:00:13 H=\(\[197.6.130.112\]\) \[197.6.130.112\]:18706 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed ...	2020-01-30 03:24:36
180.76.108.151	attackbotsspam	Unauthorized connection attempt detected from IP address 180.76.108.151 to port 2220 [J]	2020-01-30 03:35:10
81.22.45.85	attackbots	01/29/2020-13:46:48.309187 81.22.45.85 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-01-30 03:10:59
220.141.69.215	attackspambots	23/tcp [2020-01-29]1pkt	2020-01-30 02:57:14
208.117.55.132	attackbots	From: GEO-Real Company Add enquiry09@realtyagent.com to my Address Book	2020-01-30 03:20:08
197.99.113.4	attackspam	2019-03-13 05:10:42 H=197-99-113-4.ip.broadband.is \[197.99.113.4\]:41388 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-13 05:11:04 H=197-99-113-4.ip.broadband.is \[197.99.113.4\]:41561 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-13 05:11:28 H=197-99-113-4.ip.broadband.is \[197.99.113.4\]:41697 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed ...	2020-01-30 03:19:19
199.189.27.108	attackspambots	2019-03-03 06:26:25 1h0Jdo-0002Hn-Os SMTP connection from acoustics.hasanhost.com \(acoustics.datdaimyphuoc.icu\) \[199.189.27.108\]:50082 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-03 06:30:03 1h0JhK-0002Nc-VB SMTP connection from acoustics.hasanhost.com \(acoustics.datdaimyphuoc.icu\) \[199.189.27.108\]:54606 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-03 06:30:13 1h0JhU-0002Nl-QB SMTP connection from acoustics.hasanhost.com \(acoustics.datdaimyphuoc.icu\) \[199.189.27.108\]:45455 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-14 00:25:12 1h4DFI-0005xV-Ex SMTP connection from acoustics.hasanhost.com \(acoustics.aladdinhits.icu\) \[199.189.27.108\]:49119 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-14 00:25:44 1h4DFo-0005xy-H5 SMTP connection from acoustics.hasanhost.com \(acoustics.aladdinhits.icu\) \[199.189.27.108\]:55655 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-03-14 00:26:51 1h4DGt-0005zJ-Ml SMTP connection from acoustics.hasanhost.c ...	2020-01-30 02:56:17

最近上报的IP列表

180.241.119.216	118.24.21.83	129.211.46.112	89.169.110.190
60.251.205.1	114.5.192.3	125.166.184.152	138.121.213.162
14.189.33.144	177.244.75.165	177.206.226.160	46.161.60.207
213.185.224.44	101.108.164.43	89.216.99.102	173.211.104.40
69.115.251.55	182.53.68.127	175.20.162.21	123.26.251.170